FCC bans import of new foreign-made consumer routers due to security risks
The FCC has added all foreign-produced consumer-grade routers to its Covered List, prohibiting their marketing and sale in the U.S.
SC Media
20 articles
FBI warns Americans about data risks in foreign-developed mobile apps
The FBI's public service announcement details how certain mobile apps may continuously collect user data, even when permissions are granted only for active use.
AI discovers RCE vulnerabilities in Vim and Emacs text editors
Vulnerabilities in the widely used Vim and GNU Emacs text editors, discovered with the assistance of the Claude AI, allow for remote code execution simply by...
Free Android VPNs expose users to tracking and risky servers, research finds
The analysis, using MobSF, focused on app permissions, third-party trackers, hardcoded network endpoints, and developer emails.
Venom Stealer MaaS handles attacks from ClickFix to crypto theft
The stealer persists on the victim’s machine and immediately exfiltrates data with no local staging.
Executive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - Ann Marie van den Hurk, Amit Sinha, Matt Immler - BSW #441
Beyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation - Rob Allen, Gibb Witham - SWN #568
OkCupid, Match Group settle with FTC over unlawful data sharing with AI firm
Dating app OkCupid and its parent company Match Group Americas have reached a settlement with the Federal Trade Commission, following the latter's lawsuit th...
New macOS feature seeks to avert ClickFix compromise
Apple has released a new mechanism for macOS Tahoe 26.4 that stops the execution of potentially harmful commands in Terminal and warns the user about related...
CareCloud confirms EHR environment breach
Healthcare software firm CareCloud has disclosed the potential compromise of individuals' health records following the eight-hour breach of one of its EHR re...
Allegedly stolen Lockheed Martin data being peddled for almost $600M
Leading U.S.
New critical Telegram zero-click issue threatens total device compromise
Cybernews reports that Telegram for Android and Telegram Desktop for Linux have been affected by a critical zero-click vulnerability that could enable remote...
Critical Fortinet FortiClient EMS vulnerability under attack
Intrusions harnessing a critical SQL injection flaw in Fortinet FortiClient EMS, tracked as CVE-2026-21643, were reported by Defused researchers to have been...
New Ukrainian CERT-spoofing phishing campaign delivers RAT
Ukrainian government entities, healthcare providers, financial providers, security firms, educational institutions, and software development companies have b...
Illicit LNK files deploy Russian CTRL toolkit
Illicit LNK files deploy Russian CTRL toolkit The Hacker News reports that malicious Windows LNK files masquerading as private key folders have been tapped t...
Sophisticated CrySome RAT examined
Windows environments are at risk of significant compromise with the new, advanced CrySome remote access trojan, which integrates antivirus-killing and hidden...
AI powers clandestine DeepLoad credential-stealing campaign
Enterprise business IT environments have been subjected to the DeepLoad credential-stealing malware campaign that ensured stealth via AI abuse and ClickFix a...
US bounty on Iranian hackers reissued
Multiple U.S.
Citrix NetScaler ADC bug added to CISA list of known exploits
Security agency gives federal agencies until April 2, 2026, to make the patch.
RoadK1ll malware enables stealthy network pivoting
RoadK1ll functions as a lightweight reverse tunneling implant, designed to blend into normal network traffic and transform an infected machine into a relay p...